During load testing of our Ruby program, we have been getting
segmentation faults fairly consistently (but at unpredictable times)
after the program has been running for awhile under heavy load.

From the stack trace, it appears that Ruby is in garbage collection
at the time, specifically in rb_gc_mark_frame(frame) which calls
mark_locations_array(x, n) with the frame's argv and argc.
The value of argc in these calls is typically a large negative number,
suggesting that the frame's argv and argc are uninitialized.
The top of the stack trace is appended below.

We're running Ruby 1.6.7 with WEBrick (using 20 threads) on RedHat Linux
7.2.
(We started with Ruby 1.7.2, but when we hit this problem,
we tried downgrading to 1.6.7.)  Any help would be much appreciated!

Thanks,
Jim


#0  0x400a9a01 in __kill () from /lib/i686/libc.so.6
#1  0x400a97da in raise (sig=6) at ../sysdeps/posix/raise.c:27
#2  0x400aaf82 in abort () at ../sysdeps/generic/abort.c:88
#3  0x080b1eca in rb_bug () at error.c:178
#4  <signal handler called>
#5  mark_locations_array (x=0x40263ef8, n=-1074526067) at gc.c:354
#6  0x08066ef9 in rb_gc_mark_frame (frame=0x9b9814c) at gc.c:912
#7  0x0805f534 in thread_mark (th=0x870a1d8) at eval.c:7213
#8  0x0806697f in rb_gc_mark (ptr=0x40478838) at gc.c:634
#9  0x0806653c in mark_locations_array (x=0x8edf3c8, n=4250) at gc.c:378
#10 0x0805f431 in thread_mark (th=0x89a93c8) at eval.c:7188
#11 0x0806697f in rb_gc_mark (ptr=0x40478644) at gc.c:634
#12 0x0806653c in mark_locations_array (x=0x9162560, n=17074) at gc.c:378
#13 0x0805f431 in thread_mark (th=0x89b3ae8) at eval.c:7188
#14 0x0806697f in rb_gc_mark (ptr=0x40478464) at gc.c:634
#15 0x080669fb in rb_gc_mark (ptr=0x404c1998) at gc.c:667
#16 0x0806653c in mark_locations_array (x=0x9b81390, n=15691) at gc.c:378
#17 0x0805f431 in thread_mark (th=0x98ba280) at eval.c:7188
#18 0x0806697f in rb_gc_mark (ptr=0x40485d94) at gc.c:634
#19 0x0806653c in mark_locations_array (x=0x8b65988, n=18580) at gc.c:378
#20 0x0805f431 in thread_mark (th=0x8a0e138) at eval.c:7188
#21 0x0806697f in rb_gc_mark (ptr=0x40478fb8) at gc.c:634
#22 0x08066937 in rb_gc_mark (ptr=0x404794f4) at gc.c:617
#23 0x080669bb in rb_gc_mark (ptr=0x4048f04c) at gc.c:656
#24 0x0806653c in mark_locations_array (x=0x8b18580, n=7904) at gc.c:378
#25 0x0805f431 in thread_mark (th=0x897fa60) at eval.c:7188
#26 0x0806697f in rb_gc_mark (ptr=0x40476f24) at gc.c:634
#27 0x0806653c in mark_locations_array (x=0x91995f0, n=21263) at gc.c:378
#28 0x0805f431 in thread_mark (th=0x847b680) at eval.c:7188
#29 0x0806697f in rb_gc_mark (ptr=0x4047915c) at gc.c:634
#30 0x0806653c in mark_locations_array (x=0x91c4ea0, n=18859) at gc.c:378
#31 0x0805f431 in thread_mark (th=0x8975340) at eval.c:7188
#32 0x0806697f in rb_gc_mark (ptr=0x40477140) at gc.c:634
#33 0x08066937 in rb_gc_mark (ptr=0x40263ed0) at gc.c:617
#34 0x0806658e in mark_entry (key=10514, value=1076248272) at gc.c:405
#35 0x0809ccf9 in st_foreach (table=0x820c390, func=0x8066580
<mark_entry>, arg=0x0) at st.c:488
#36 0x080665af in rb_mark_tbl (tbl=0x820c390) at gc.c:414
#37 0x08066993 in rb_gc_mark (ptr=0x40263ef8) at gc.c:638
#38 0x0806653c in mark_locations_array (x=0x8cc2768, n=20859) at gc.c:378
#39 0x0805f431 in thread_mark (th=0x89be208) at eval.c:7188